NATSO Urges Congress to Reject Draft Data Security Bill

NATSO joined nine trade associations representing more than 1 million businesses in urging Congress to reject consideration of recent draft legislation from the Financial Services Roundtable (FSR) that would impose unfair and burdensome data security and breach notification standards on retailers.

In a letter sent to every Member of the Hous of Representatives, the associations said that the FSR draft, which is similar to the Data Security Act of 2015 (H.R. 2205), would negatively affect NATSO members by prescribing a laundry list of data security standards on retailers, while wholly exempting favored industries from the new requirements. The legislation could also subject NATSO members to punitive fines without a clear understanding of what constitutes a violation.

The association's acknowledged the severity and extent of data security breaches. However, the letter urged members to only consider legislation that “does not overly burden business, does not impose unfair burdens, and does not pick regulatory winners and losers among differing business sectors in the process.”

The letter further advocated for a uniform federal law, a reasonable compliance standard, an appropriate enforcement authority, and a universal obligation to notify consumers of data breaches – not just a notification standard for retailers. NATSO and other industry members will work with Congress on future legislation that meets these principles.

In addition to NATSO, signatories included the American Hotel & Lodging Association; International Franchise Association; National Association of Convenience Stores; National Association of Realtors; National Council of Chain Restaurants; National Grocers Association; National Retail Federation; Society of Independent Gasoline Marketers of America; and the U.S. Travel Association.